bookmark_borderUsing a GUI on your AlmaLinux server

Hello,

In this week’s feature highlight, we look at How to use a GUI on your AlmaLinux server

AlmaLinux is new a CentOS alternative and is often used as an operating system without GUI, but just like CentOS, AlmaLinux supports installing a desktop environment/GUI which you can connect to via VNC or similar software.

This blog article looks into how to install a GNOME desktop environment / GUI on your AlmaLinux server.

To use AlmaLinux in graphical mode, you will need to install the GNOME package on the system to enable GUI. We will go through the steps required to install GNOME GUI.

Check the available package groups for AlmaLinux.

yum group list

Output:

[root@vps ~]# yum group list
Last metadata expiration check: 0:21:54 ago on Tue 23 Mar 2021 01:27:06 PM EDT.
Available Environment Groups:
   Server
   Workstation
   Custom Operating System
   Virtualization Host
Installed Environment Groups:
   Server with GUI
   Minimal Install
Installed Groups:
   Container Management
   Headless Management
Available Groups:
   Legacy UNIX Compatibility
   Development Tools
   .NET Core Development
   Graphical Administration Tools
   Network Servers
   RPM Development Tools
   Scientific Support
   Security Tools
   Smart Card Support
   System Tools

Installing Gnome GUI

Install Gnome GUI and in between it will prompt for download permission, enter “y” key and hit enter to proceed with installation.

yum groupinstall "Server with GUI"

To enable the GUI as default and boot into graphical mode.

systemctl set-default graphical

Output:

[root@vps ~]# systemctl set-default graphical
Removed /etc/systemd/system/default.target.
Created symlink /etc/systemd/system/default.target → /usr/lib/systemd/system/graphical.target.

Reboot the system so it can boot into the graphical mode.

reboot

GUI Setup

GUI welcome page will appear and it will prompt for if you would like to enable Location Services and set up online accounts.

Create user by providing User name and Password.

Login Screen

Login to the user which you’ve created.

AlmaLinux 8 desktop screen and it’s system information.

AlmaLinux 8 GNOME GUI complete!!!

bookmark_borderInstalling Docker on AlmaLinux 8

Hello,

In this week’s feature highlight, we look at How to Install Docker on AlmaLinux 8

What is Docker?

Docker is basically a container engine which uses the Linux Kernel in order to create the containers on top of an operating system. Which is use to create, deploy and run the applications.

First, check and install any pending system updates.

yum update 

Adding Docker repository

Enable the Docker CE repository by running the following command.

dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo

Output:

[root@vps ~]# dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo

Installing Docker-ce package

Install Docker-ce package on AlmaLinux 8 by running the following command.

dnf -y  install docker-ce --nobest

Output:

[root@vps ~]# dnf -y  install docker-ce --nobest
Docker CE Stable - x86_64                       147 kB/s |  11 kB     00:00
Dependencies resolved.
================================================================================
 Package                      Arch   Version             Repository        Size
================================================================================
Installing:
 docker-ce                    x86_64 3:20.10.5-3.el8     docker-ce-stable  27 M
Installing dependencies:
 checkpolicy                  x86_64 2.9-1.el8           baseos           347 k
 container-selinux            noarch 2:2.155.0-1.module_el8.3.0+2046+68fb1526
                                                         appstream         50 k
 containerd.io                x86_64 1.4.4-3.1.el8       docker-ce-stable  33 M
 docker-ce-cli                x86_64 1:20.10.5-3.el8     docker-ce-stable  33 M

Enable the Docker service.

systemctl enable --now docker

Output:

[root@vps ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

Checking the Docker service

To verify the Docker service by running the following command.

systemctl status  docker

Output:

[root@vps ~]# systemctl status  docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor pres>
   Active: active (running) since Thu 2021-03-18 15:10:09 GMT; 25s ago
     Docs: https://docs.docker.com
 Main PID: 7649 (dockerd)
    Tasks: 9
   Memory: 44.3M
   CGroup: /system.slice/docker.service
           └─7649 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/contai>

Mar 18 15:10:07 vps.server.com dockerd[7649]: time="2021-03-18T15:10:07.8416726>
Mar 18 15:10:07 vps.server.com dockerd[7649]: time="2021-03-18T15:10:07.8417156> 

Done!

bookmark_borderInstalling Fail2Ban on AlmaLinux 8

Hello,

In this week’s feature highlight, we look at How to Install Fail2Ban on AlmaLinux 8

To install Fail2ban, The EPEL repository needs to be installed first.

yum install epel-release

Note: It will prompt for several permission Press “y” and “Enter” to continue.

Next, install fail2ban package.

yum install fail2ban

Note: This will prompt for several permissions, Press “y” and “Enter” to continue.

Set fail2ban to start on boot automatically,

systemctl enable fail2ban

Configuring local file settings.

Jail.conf contains a section which Configuration settings can be done for the fail2ban, we are not going edit this file because package upgrade can overwrite this file.

Jail.local contains same section where jail.conf file contains and it can override this values.

/etc/fail2ban/jail.d/ can override both jails.local and jails.conf files

First we begin with the jail.local file.

Open the file for editing,

nano /etc/fail2ban/jail.local

Add the following content,

[DEFAULT]
# Ban hosts for one hour:
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

If server uses firewalld instead of iptables, simply comment the banaction line

Restarting the Fail2Ban service to load new settings.

systemctl restart fail2ban

To check status

fail2ban-client status

Output:

Status
|- Number of jail:      1
`- Jail list:   sshd

To view detailed information of sshd

fail2ban-client status sshd

Modify the content of the file /etc/fail2ban/jail.local

nano /etc/fail2ban/jail.local

Setting ban time

#ban time setting to 600sec
bantime = 600 

Setting conditions to ban a client

findtime = 600 
maxretry = 3

In this example, the client is blocked if he makes 3 unsuccessful login attempts with in 10 mins.

To check the details of banned IPs and number of login attempts,

fail2ban-client status sshd

Output:

[root@server ~]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 10
|  |- Total failed:     84
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 11
   |- Total banned:     11
   `- Banned IP list:   221.131.165.85 74.208.253.184 159.65.125.169 118.27.19.199 211.144.221.226 203.137.195.133 120.92.150.145 103.16.202.187 68.183.140.19 221.131.165.124 191.235.98.48

Done!

bookmark_borderInstalling LEMP Stack on AlmaLinux 8

Hello,

In this week’s feature highlight, we look at How to Install LEMP Stack on AlmaLinux 8

LEMP is a combination of free, open source software. The acronym LEMP refers to the first letters of Linux (Operating system), Nginx Server, MySQL (database software), and PHP, PERL or Python, principal components to build a viable general purpose web server.

Install Nginx Web Server

First, we will start by installing the Nginx web server. To complete the installation, use the following command:

yum install nginx -y

Output:

[root@vps ~]# yum install nginx -y
Last metadata expiration check: 1:11:49 ago on Thu 25 Feb 2021 07:02:17 AM EST.
Dependencies resolved.
================================================================================
 Package                     Arch   Version                     Repo       Size
================================================================================
Installing:
 nginx                       x86_64 1:1.14.1-9.module_el8.0.0+6007+fd7c418b
                                                                appstream 570 k
Installing dependencies:
 dejavu-fonts-common         noarch 2.35-6.el8                  baseos     74 k
 dejavu-sans-fonts           noarch 2.35-6.el8                  baseos    1.5 M

Once the installation is complete, enable Nginx (to start automatically upon system boot), start the web server and verify the status using the commands below.

systemctl start nginx

systemctl enable nginx

systemctl status nginx

Output:

[root@vps ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor prese>
  Drop-In: /usr/lib/systemd/system/nginx.service.d
           └─php-fpm.conf
   Active: active (running) since Thu 2021-02-25 08:15:12 EST; 16s ago
 Main PID: 6968 (nginx)
    Tasks: 3 (limit: 11438)
   Memory: 5.8M
   CGroup: /system.slice/nginx.service
           ├─6968 nginx: master process /usr/sbin/nginx
           ├─6969 nginx: worker process
           └─6970 nginx: worker process

Check Nginx version

nginx -v

Output:

[root@vps ~]# nginx -v
nginx version: nginx/1.14.1

To make your pages available to public, you will have to edit your firewall rules to allow HTTP requests on your web server by using the following commands.

firewall-cmd --permanent --zone=public --add-service=http 

firewall-cmd --permanent --zone=public --add-service=https

firewall-cmd --reload

Output:

[root@server ~]# firewall-cmd --permanent --zone=public --add-service=http
success
[root@server ~]# firewall-cmd --permanent --zone=public --add-service=https
success
[root@server ~]# firewall-cmd --reload
success

Verify that the web server is running and accessible by accessing your server’s IP address.

From your browser,

http://IP_address
image

We need to make user nginx as the owner of web directory. By default it’s owned by the root user.

chown nginx:nginx /usr/share/nginx/html -R

Install MariaDB Server

MariaDB is a popular database server. The installation is simple and requires just a few steps as shown.

yum install mariadb-server mariadb -y

Output:

[root@vps ~]# yum install mariadb-server mariadb -y
Last metadata expiration check: 1:15:23 ago on Thu 25 Feb 2021 07:02:17 AM EST.
Dependencies resolved.
================================================================================
 Package                    Arch   Version                      Repo       Size
================================================================================
Installing:
 mariadb                    x86_64 3:10.3.27-3.module_el8.3.0+2028+5e3224e9
                                                                appstream 6.0 M
 mariadb-server             x86_64 3:10.3.27-3.module_el8.3.0+2028+5e3224e9
                                                                appstream  16 M
Installing dependencies:
 libaio                     x86_64 0.3.112-1.el8                baseos     32 k
 mariadb-common             x86_64 3:10.3.27-3.module_el8.3.0+2028+5e3224e9

Once the installation is complete, enable MariaDB (to start automatically upon system boot), start the MariaDB and verify the status using the commands below.

systemctl start mariadb

systemctl enable mariadb

systemctl status mariadb

Output:

[root@vps ~]# systemctl status mariadb
● mariadb.service - MariaDB 10.3 database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor pre>
   Active: active (running) since Thu 2021-02-25 08:18:42 EST; 13s ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
 Main PID: 8411 (mysqld)
   Status: "Taking your SQL requests now..."
    Tasks: 30 (limit: 11438)
   Memory: 84.7M
   CGroup: /system.slice/mariadb.service
           └─8411 /usr/libexec/mysqld --basedir=/usr

Finally, you will want to secure your MariaDB installation by issuing the following command.

mysql_secure_installation

Output:

[root@vps ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!   

Once secured, you can connect to MySQL and review the existing databases on your database server by using the following command.

mysql -e "SHOW DATABASES;" -p

Output:

[root@server ~]# mysql -e "SHOW DATABASES;" -p
Enter password:
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
[root@server ~]#

Install PHP

To Install PHP-FPM by running the following command.

yum install php php-mysqlnd php-fpm php-opcache php-gd php-xml php-mbstring -y

Output:

[root@vps ~]# yum install php php-mysqlnd php-fpm php-opcache php-gd php-xml php-mbstring -y
Last metadata expiration check: 1:23:47 ago on Thu 25 Feb 2021 07:02:17 AM EST.
Package php-fpm-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64 is already installed.
Package php-xml-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64 is already installed.
Package php-mbstring-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64 is already installed.
Dependencies resolved.
================================================================================
 Package     Arch   Version                                     Repo       Size
================================================================================
Installing:
 php         x86_64 7.2.24-1.module_el8.3.0+2010+7c76a223       appstream 1.5 M

Once the installation is complete, enable php-fpm (to start automatically upon system boot), start the php-fpm and verify the status using the commands below.

systemctl start php-fpm

systemctl enable php-fpm

systemctl status php-fpm

Output:

[root@vps ~]# systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor pre>
   Active: active (running) since Thu 2021-02-25 08:26:10 EST; 38s ago
 Main PID: 8594 (php-fpm)
   Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic: 0req/s>
    Tasks: 6 (limit: 11438)
   Memory: 22.7M
   CGroup: /system.slice/php-fpm.service
           ├─8594 php-fpm: master process (/etc/php-fpm.conf)
           ├─8658 php-fpm: pool www
           ├─8659 php-fpm: pool www
           ├─8660 php-fpm: pool www

By default, PHP-FPM runs as the apache user. Since we are using Nginx web server, we need to change following line.

vi /etc/php-fpm.d/www.conf

user = apache
group = apache

Change them to

user = nginx
group = nginx

Once changed, need to reload php-fpm

systemctl reload php-fpm

Test your PHP, by creating a simple info.php file with a phinfo() in it. The file should be placed in the directory root for your web server, which is /usr/share/nginx/html/info.php.

To create the file use:

echo "<?php phpinfo() ?>" > /usr/share/nginx/html/info.php

Restart the Nginx and PHP-FPM.

systemctl restart nginx php-fpm

Now again, access http://localhost/info.php or http://yourserver-ip-address/info.php. You should see a page similar to below one.

image

Done!

bookmark_borderConverting CentOS 8 to AlmaLinux 8

Hello,

In this week’s feature highlight, we look at How to Convert CentOS 8 to AlmaLinux 8

In this Article we will learn how to convert an existing CentOS 8 system to AlmaLinux 8. This guide includes the link to the conversion script maintained by the official GitHub repo for AlmaLinux.

AlmaLinux is a binary fork of RedHat Linux Enterprise Linux (RHEL) which is created as an alternative to CentOS. The current AlmaLinux version is based on RHEL 8.3. Almalinux is aimed to fill the gap left by the demise of CentOS stable Linux.

Before we begin

Please note that this is still in development phase and it is not recommended on Production environments yet.

Make sure you have a backup of your data if anything goes wrong.

Download the Script

Download the almalinux-deploy.sh script from official AlmaLinux repo.

curl -O https://raw.githubusercontent.com/AlmaLinux/almalinux-deploy/master/almalinux-deploy.sh

Executing the Script

Run the downloaded script,

bash almalinux-deploy.sh

You’ll get similar Output:

Complete!
Run dnf distro-sync -y                                                OK

Migration to AlmaLinux is completed, please reboot the system

Once migration is completed reboot the system.

reboot

To check the current version of OS.

cat /etc/redhat-release

Output:

[root@vps ~]# cat /etc/redhat-release
AlmaLinux release 8.3 Beta (Purple Manul)

To check the system boots AlmaLinux kernel by default.

grubby --info DEFAULT | grep AlmaLinux

Output:

[root@vps ~]# grubby --info DEFAULT | grep AlmaLinux
title="AlmaLinux (4.18.0-240.el8.x86_64) 8"

Done! Your CentOS 8 system has now been converted over to AlmaLinux 8